inital commit

.dockerignore

@@ -0,0 +1,8 @@
+.git
+.git*
+.drone.*
+*.md
+.dockerignore
+Dockerfile
+Dockerfile.*
+docker-compose.yml

.drone.jsonnet

@@ -0,0 +1,135 @@
+local PipelineBuild(os='linux', arch='amd64') = {
+  local tag = os + '-' + arch,
+  local version_tag = os + '-' + arch,
+  local file_suffix = std.strReplace(version_tag, '-', '.'),
+  kind: "pipeline",
+  name: version_tag,
+  platform: {
+    os: os,
+    arch: arch,
+  },
+  steps: [
+    {
+      name: 'dryrun',
+      image: 'plugins/docker:' + tag,
+      pull: 'always',
+      settings: {
+        dry_run: true,
+        tags: version_tag,
+        dockerfile: './Dockerfile.' + file_suffix,
+        repo: ' xoxys/kanboard',
+        username: { from_secret: "docker_username" },
+        password: { from_secret: "docker_password" },
+        build_args: {
+          KANBOARD_ORG_VERSION: "${DRONE_TAG##v}",
+          KANBOARD_VERSION: "${KANBOARD_ORG_VERSION%.*}",
+        },
+      },
+    },
+    {
+      name: 'publish',
+      image: 'plugins/docker:' + tag,
+      pull: 'always',
+      settings: {
+        auto_tag: true,
+        auto_tag_suffix: version_tag,
+        dockerfile: './Dockerfile.' + file_suffix,
+        repo: ' xoxys/kanboard',
+        username: { from_secret: "docker_username" },
+        password: { from_secret: "docker_password" },
+        build_args: {
+          KANBOARD_ORG_VERSION: "${DRONE_TAG##v}",
+          KANBOARD_VERSION: "${KANBOARD_ORG_VERSION%.*}",
+        },
+      },
+      when: {
+        ref: [
+          'refs/heads/master',
+          'refs/tags/**',
+        ],
+      },
+    },
+  ],
+};
+
+local PipelineNotifications(depends_on=[]) = {
+  kind: "pipeline",
+  name: "notifications",
+  platform: {
+    os: "linux",
+    arch: "amd64",
+  },
+  steps: [
+    {
+      image: "plugins/manifest",
+      name: "manifest",
+      pull: "always",
+      settings: {
+        auto_tag: true,
+        ignore_missing: true,
+        username: { from_secret: "docker_username" },
+        password: { from_secret: "docker_password" },
+        spec: "./manifest.tmpl",
+      },
+      when: {
+        ref: [
+          'refs/heads/master',
+          'refs/tags/**',
+        ],
+      },
+    },
+    {
+      name: "readme",
+      image: "sheogorath/readme-to-dockerhub",
+      pull: "always",
+      environment: {
+        DOCKERHUB_USERNAME: { from_secret: "docker_username" },
+        DOCKERHUB_PASSWORD: { from_secret: "docker_password" },
+        DOCKERHUB_REPO_PREFIX: "xoxys",
+        DOCKERHUB_REPO_NAME: "kanboard",
+        README_PATH: "README.md",
+        SHORT_DESCRIPTION: "Tiny Tiny RSS - free and open source news feed reader and aggregator"
+      },
+      when: {
+        ref: [
+          'refs/heads/master',
+          'refs/tags/**',
+        ],
+      },
+    },
+    {
+      name: "microbadger",
+      image: "plugins/webhook",
+      pull: "always",
+      settings: {
+        urls: { from_secret: "microbadger_url" },
+      },
+    },
+    {
+      image: "plugins/matrix",
+      name: "matrix",
+      pull: 'always',
+      settings: {
+        homeserver: "https://matrix.rknet.org",
+        roomid: "MtidqQXWWAtQcByBhH:rknet.org",
+        template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}",
+        username: { from_secret: "matrix_username" },
+        password: { from_secret: "matrix_password" },
+      },
+      when: {
+        status: [ "success", "failure" ],
+      },
+    },
+  ],
+  trigger: {
+    status: [ "success", "failure" ],
+  },
+  depends_on: depends_on,
+};
+
+[
+  PipelineBuild(os='linux', arch='amd64'),
+  PipelineNotifications(depends_on=[
+    "linux-amd64",
+  ])
+]

.drone.yml

@@ -0,0 +1,123 @@
+---
+kind: pipeline
+name: linux-amd64
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+- name: dryrun
+  pull: always
+  image: plugins/docker:linux-amd64
+  settings:
+    build_args:
+      KANBOARD_ORG_VERSION: "${DRONE_TAG##v}"
+      KANBOARD_VERSION: "${KANBOARD_ORG_VERSION%.*}"
+    dockerfile: ./Dockerfile.linux.amd64
+    dry_run: true
+    password:
+      from_secret: docker_password
+    repo:  xoxys/kanboard
+    tags: linux-amd64
+    username:
+      from_secret: docker_username
+
+- name: publish
+  pull: always
+  image: plugins/docker:linux-amd64
+  settings:
+    auto_tag: true
+    auto_tag_suffix: linux-amd64
+    build_args:
+      KANBOARD_ORG_VERSION: "${DRONE_TAG##v}"
+      KANBOARD_VERSION: "${KANBOARD_ORG_VERSION%.*}"
+    dockerfile: ./Dockerfile.linux.amd64
+    password:
+      from_secret: docker_password
+    repo:  xoxys/kanboard
+    username:
+      from_secret: docker_username
+  when:
+    ref:
+    - refs/heads/master
+    - "refs/tags/**"
+
+---
+kind: pipeline
+name: notifications
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+- name: manifest
+  pull: always
+  image: plugins/manifest
+  settings:
+    auto_tag: true
+    ignore_missing: true
+    password:
+      from_secret: docker_password
+    spec: ./manifest.tmpl
+    username:
+      from_secret: docker_username
+  when:
+    ref:
+    - refs/heads/master
+    - "refs/tags/**"
+
+- name: readme
+  pull: always
+  image: sheogorath/readme-to-dockerhub
+  environment:
+    DOCKERHUB_PASSWORD:
+      from_secret: docker_password
+    DOCKERHUB_REPO_NAME: kanboard
+    DOCKERHUB_REPO_PREFIX: xoxys
+    DOCKERHUB_USERNAME:
+      from_secret: docker_username
+    README_PATH: README.md
+    SHORT_DESCRIPTION: Tiny Tiny RSS - free and open source news feed reader and aggregator
+  when:
+    ref:
+    - refs/heads/master
+    - "refs/tags/**"
+
+- name: microbadger
+  pull: always
+  image: plugins/webhook
+  settings:
+    urls:
+      from_secret: microbadger_url
+
+- name: matrix
+  pull: always
+  image: plugins/matrix
+  settings:
+    homeserver: https://matrix.rknet.org
+    password:
+      from_secret: matrix_password
+    roomid: MtidqQXWWAtQcByBhH:rknet.org
+    template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
+    username:
+      from_secret: matrix_username
+  when:
+    status:
+    - success
+    - failure
+
+trigger:
+  status:
+  - success
+  - failure
+
+depends_on:
+- linux-amd64
+
+---
+kind: signature
+hmac: 8e1ef31eafeeeac65a4a5cf9689dd6e66a97f8724a371e7e4b1319fbedc9276f
+
+...

Dockerfile.linux.amd64

@@ -0,0 +1,37 @@
+FROM alpine:3.10.0
+
+LABEL maintainer="Robert Kaussow <mail@geeklabor.de>" \
+    org.label-schema.name="TT-RSS" \
+    org.label-schema.version="1.2" \
+    org.label-schema.vendor="Robert Kaussow" \
+    org.label-schema.schema-version="1.0"
+
+ARG KANBOARD_VERSION=master
+ARG KANBOARD_TARBALL=https://github.com/kanboard/kanboard/archive/${KANBOARD_VERSION}.tar.gz
+
+RUN apk --update add --virtual .build-deps tar curl && \
+    apk --update add nginx ca-certificates s6 ssmtp mailx php7 php7-phar php7-curl \
+    php7-fpm php7-json php7-zlib php7-xml php7-dom php7-ctype php7-opcache php7-zip php7-iconv \
+    php7-pdo php7-pdo_mysql php7-pdo_sqlite php7-pdo_pgsql php7-mbstring php7-session php7-bcmath \
+    php7-gd php7-mcrypt php7-openssl php7-sockets php7-posix php7-ldap php7-simplexml && \ 
+    rm -rf /var/www/localhost && \
+    rm -f /etc/php7/php-fpm.d/www.conf && \
+    mkdir -p /var/www/app && \
+    curl -SsL -o /usr/local/bin/gomplate https://github.com/hairyhenderson/gomplate/releases/download/v3.5.0/gomplate_linux-amd64-slim && \
+    chmod 755 /usr/local/bin/gomplate && \
+    curl -SsL ${KANBOARD_TARBALL} | tar xz -C /var/www/app/ --strip-components=1 && \
+    curl -SsL -o /etc/php7/browscap.ini https://browscap.org/stream?q=Lite_PHP_BrowsCapINI && \
+    apk del .build-deps && \
+    rm -rf /var/cache/apk/* && \
+    rm -rf /tmp/*
+
+ADD overlay/ /
+
+VOLUME /var/www/app/plugins
+
+EXPOSE 80
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD /usr/local/bin/healthcheck.sh
+WORKDIR /var/www/app
+CMD []

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Robert Kaussow
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
+OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,157 @@
+# [kanboard](https://gitea.rknet.org/docker/kanboard)
+
+[![Build Status](https://drone.rknet.org/api/badges/docker/kanboard/status.svg)](https://drone.rknet.org/docker/kanboard/)
+[![Microbadger](https://images.microbadger.com/badges/image/xoxys/kanboard.svg)](https://microbadger.com/images/xoxys/kanboard "Get your own image badge on microbadger.com")
+
+Kanboard is project management software that focuses on the Kanban methodology.
+
+## Usage
+
+Here are some example snippets to help you get started creating a container.
+
+> **WARNING**: For production usage you should secure your database and NOT use the default credentials!
+
+### Docker
+
+```Shell
+docker create \
+  --name=kanboard \
+  -p 80:80 \
+  xoxys/kanboard
+```
+
+### Docker Compose
+
+Compatible with docker-compose v2 schemas.
+
+```Yaml
+---
+version: '2.1'
+
+services:
+  kanboard:
+    image: kanboard/kanboard:latest
+    ports:
+      - "80:80"
+    volumes:
+      - kanboard_data:/var/www/app/data
+      - kanboard_plugins:/var/www/app/plugins
+
+volumes:
+  kanboard_data:
+    driver: local
+  kanboard_plugins:
+    driver: local
+```
+
+## Environment variables
+
+### TT-RSS
+
+```Shell
+KANBOARD_PLUGIN_INSTALLER=false
+KANBOARD_CACHE_DRIVER=memory
+KANBOARD_MAIL_CONFIGURATION=true
+KANBOARD_MAIL_FROM=
+KANBOARD_MAIL_TRANSPORT=mail
+KANBOARD_MAIL_SMTP_HOSTNAME
+KANBOARD_MAIL_SMTP_PORT=25
+KANBOARD_MAIL_SMTP_USERNAME=
+KANBOARD_MAIL_SMTP_PASSWORD=
+KANBOARD_MAIL_SMTP_ENCRYPTION=null
+KANBOARD_MAIL_SENDMAIL_COMMAND=/usr/sbin/sendmail -bs
+KANBOARD_DB_RUN_MIGRATIONS=true
+KANBOARD_DB_DRIVER=sqlite
+KANBOARD_DB_USERNAME=root
+KANBOARD_DB_PASSWORD=root
+KANBOARD_DB_HOSTNAME=localhost
+KANBOARD_DB_NAME=kanboard
+KANBOARD_DB_PORT=null
+KANBOARD_DB_SSL_KEY=null
+KANBOARD_DB_SSL_CERT=null
+KANBOARD_DB_SSL_CA=null
+KANBOARD_DB_VERIFY_SERVER_CERT=null
+KANBOARD_DB_TIMEOUT=null
+KANBOARD_LDAP_AUTH=false
+KANBOARD_LDAP_SERVER
+KANBOARD_LDAP_PORT=389
+KANBOARD_LDAP_SSL_VERIFY=true
+KANBOARD_LDAP_START_TLS=false
+KANBOARD_LDAP_USERNAME_CASE_SENSITIVE=false
+KANBOARD_LDAP_BIND_TYPE=anonymous
+KANBOARD_LDAP_USERNAME=null
+KANBOARD_LDAP_PASSWORD=null
+KANBOARD_LDAP_USER_BASE_DN=
+KANBOARD_LDAP_USER_FILTER=
+KANBOARD_LDAP_USER_ATTRIBUTE_USERNAME=uid
+KANBOARD_LDAP_USER_ATTRIBUTE_FULLNAME=cn
+KANBOARD_LDAP_USER_ATTRIBUTE_EMAIL=mail
+KANBOARD_LDAP_USER_ATTRIBUTE_GROUPS=memberof
+KANBOARD_LDAP_USER_ATTRIBUTE_PHOTO=
+KANBOARD_LDAP_USER_ATTRIBUTE_LANGUAGE=
+KANBOARD_LDAP_USER_CREATION=true
+KANBOARD_LDAP_GROUP_ADMIN_DN=
+KANBOARD_LDAP_GROUP_MANAGER_DN=
+KANBOARD_LDAP_GROUP_PROVIDER=false
+KANBOARD_LDAP_GROUP_BASE_DN=
+KANBOARD_LDAP_GROUP_FILTER=
+KANBOARD_LDAP_GROUP_USER_FILTER=
+KANBOARD_LDAP_GROUP_ATTRIBUTE_NAME=cn
+KANBOARD_REVERSE_PROXY_AUTH=false
+KANBOARD_REVERSE_PROXY_USER_HEADER=REMOTE_USER
+KANBOARD_REVERSE_PROXY_DEFAULT_ADMIN=
+KANBOARD_REVERSE_PROXY_DEFAULT_DOMAIN=
+KANBOARD_REMEMBER_ME_AUTH=true
+KANBOARD_MARKDOWN_ESCAPE_HTML=true
+KANBOARD_API_AUTHENTICATION_HEADER=
+KANBOARD_ENABLE_URL_REWRITE=false
+KANBOARD_HIDE_LOGIN_FORM=false
+KANBOARD_DISABLE_LOGOUT=false
+KANBOARD_BRUTEFORCE_CAPTCHA=3
+KANBOARD_BRUTEFORCE_LOCKDOWN=6
+KANBOARD_BRUTEFORCE_LOCKDOWN_DURATION=15
+KANBOARD_SESSION_DURATION=0
+KANBOARD_HTTP_PROXY_HOSTNAME=
+KANBOARD_HTTP_PROXY_PORT=3128
+KANBOARD_HTTP_PROXY_USERNAME=
+KANBOARD_HTTP_PROXY_PASSWORD=
+KANBOARD_HTTP_PROXY_EXCLUDE=localhost
+KANBOARD_HTTP_VERIFY_SSL_CERTIFICATE=true
+KANBOARD_TOTP_ISSUER=Kanboard
+KANBOARD_EXTERNAL_AUTH_EXCLUDE_FIELDS=username
+```
+
+### PHP
+
+```Shell
+PHP_EXPOSE_PHP=Off
+PHP_MAX_EXECUTION_TIME=30
+PHP_MAX_INPUT_TIME=60
+PHP_MEMORY_LIMIT=50M
+PHP_ERROR_REPORTING=E_ALL & ~E_DEPRECATED & ~E_STRICT
+PHP_DISPLAY_ERRORS=Off
+PHP_DISPLAY_STARTUP_ERRORS=Off
+PHP_LOG_ERRORS=On
+PHP_LOG_ERRORS_MAX_LEN=1024
+PHP_IGNORE_REPEATED_ERRORS=Off
+PHP_IGNORE_REPEATED_SOURCE=Off
+PHP_REPORT_MEMLEAKS=On
+PHP_HTML_ERRORSOn
+PHP_ERROR_LOG=/proc/self/fd/2
+PHP_POST_MAX_SIZE=8M
+PHP_FILE_UPLOADS=Off
+PHP_UPLOAD_MAX_FILESIZE=2M
+PHP_MAX_FILE_UPLOADS=2
+PHP_ALLOW_URL_FOPEN=On
+PHP_ALLOW_URL_INCLUDE=Off
+PHP_DATE_TIMEZONE=Europe/Berlin
+PHP_SQL_SAFE_MODE=On
+```
+
+### License
+
+This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/kanboard/src/branch/master/LICENSE) file for details.
+
+### Maintainers and Contributors
+
+[Robert Kaussow](https://gitea.rknet.org/xoxys)

docker-compose.yml

@@ -0,0 +1,18 @@
+version: '2.1'
+
+services:
+  kanboard:
+    image: xoxys/kanboard:latest
+    ports:
+      - "80:80"
+    volumes:
+      - kanboard_data:/var/www/app/data
+      - kanboard_plugins:/var/www/app/plugins
+    environment:
+      KANBOARD_PLUGIN_INSTALLER: "true" 
+
+volumes:
+  kanboard_data:
+    driver: local
+  kanboard_plugins:
+    driver: local

manifest.tmpl

@@ -0,0 +1,12 @@
+image: xoxys/kanboard:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+  - {{this}}
+{{/each}}
+{{/if}}
+manifests:
+  - image: xoxys/kanboard:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
+    platform:
+      architecture: amd64
+      os: linux

overlay/etc/crontabs/nginx

@@ -0,0 +1 @@
+0 8 * * * cd /var/www/app && ./cli cronjob >/dev/null 2>&1

overlay/etc/nginx/nginx.conf

@@ -0,0 +1,76 @@
+user nginx;
+worker_processes 1;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile           on;
+    tcp_nopush         on;
+    tcp_nodelay        on;
+    keepalive_timeout  65;
+    server_tokens      off;
+    access_log         off;
+    error_log          /dev/stderr;
+
+    fastcgi_buffers 16 16k;
+    fastcgi_buffer_size 32k;
+
+    server {
+        listen       80;
+        server_name  localhost;
+        index        index.php;
+        root         /var/www/app;
+        client_max_body_size 32M;
+
+        location / {
+            try_files $uri $uri/ /index.php$is_args$args;
+        }
+
+        location ~ \.php$ {
+            try_files $uri =404;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass unix:/var/run/php-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_index index.php;
+            include fastcgi_params;
+        }
+
+        location ~ /data {
+            return 404;
+        }
+
+        location ~* ^.+\.(log|sqlite)$ {
+            return 404;
+        }
+
+        location ~ /\.ht {
+            return 404;
+        }
+
+        location ~* ^.+\.(ico|jpg|gif|png|css|js|svg|eot|ttf|woff|woff2|otf)$ {
+            log_not_found off;
+            expires 7d;
+            etag on;
+        }
+
+        gzip on;
+        gzip_comp_level 3;
+        gzip_disable "msie6";
+        gzip_vary on;
+        gzip_types
+            text/javascript
+            application/javascript
+            application/json
+            text/xml
+            application/xml
+            application/rss+xml
+            text/css
+            text/plain;
+    }
+}

overlay/etc/php7/php-fpm.conf

@@ -0,0 +1,21 @@
+[global]
+error_log = /proc/self/fd/2
+log_level = warning
+daemonize = no
+
+[www]
+catch_workers_output = yes
+
+user = nginx
+group = nginx
+
+listen.owner = nginx
+listen.group = nginx
+listen = /var/run/php-fpm.sock
+
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 2048

overlay/etc/php7/php.ini

@@ -0,0 +1,391 @@
+[PHP]
+user_ini.filename = ".user.ini"
+user_ini.cache_ttl = 300
+
+engine = On
+short_open_tag = Off
+
+precision = 14
+
+output_buffering = 0
+;output_handler =
+
+zlib.output_compression = Off
+;zlib.output_compression_level = -1
+;zlib.output_handler =
+
+implicit_flush = Off
+
+unserialize_callback_func =
+serialize_precision = 17
+
+open_basedir = "/var/www/app:/var/lib/php/tmp_upload:/var/lib/php/session:/var/lib/php/soap_cache"
+
+disable_functions = system, exec, shell_exec, phpinfo, show_source, highlight_file, popen, proc_open, fopen_with_path, dbmopen, dbase_open, putenv, move_uploaded_file, mkdir, rmdir, chmod, rename, filepro, filepro_rowcount, filepro_retrieve, posix_mkfifo
+disable_classes =
+
+;highlight.string  = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.default = #0000BB
+;highlight.html    = #000000
+
+;ignore_user_abort = On
+
+;realpath_cache_size = 16k
+;realpath_cache_ttl = 120
+
+zend.enable_gc = On
+;zend.multibyte = Off
+;zend.script_encoding =
+
+expose_php = Off
+
+max_execution_time = 30
+max_input_time = 60
+;max_input_nesting_level = 64
+max_input_vars = 100
+memory_limit = 50M
+
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+display_errors = Off
+display_startup_errors = Off
+log_errors = On
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+report_memleaks = On
+;report_zend_debug = 0
+;xmlrpc_errors = 0
+;xmlrpc_error_number = 0
+html_errors = On
+;docref_root = "/phpmanual/"
+;docref_ext = .html
+;error_prepend_string = "<span style='color: #ff0000'>"
+;error_append_string = "</span>"
+error_log = /proc/self/fd/2
+;windows.show_crt_warning
+
+;arg_separator.output = "&amp;"
+;arg_separator.input = ";&"
+
+variables_order = "GPCS"
+request_order = "GP"
+
+register_argc_argv = Off
+auto_globals_jit = On
+;enable_post_data_reading = Off
+post_max_size = 8M
+
+auto_prepend_file =
+auto_append_file =
+
+default_mimetype = "text/html"
+default_charset = "UTF-8"
+;internal_encoding =
+;input_encoding =
+;output_encoding =
+
+;include_path = ".:/php7/includes"
+
+doc_root =
+user_dir =
+
+extension_dir = "/usr/lib/php7/modules"
+;sys_temp_dir = "/tmp"
+enable_dl = Off
+
+cgi.force_redirect = 1
+;cgi.nph = 1
+;cgi.redirect_status_env =
+cgi.fix_pathinfo = 0
+cgi.discard_path = 1
+
+;fastcgi.impersonate = 1
+;fastcgi.logging = 0
+;cgi.rfc2616_headers = 0
+;cgi.check_shebang_line = 1
+
+file_uploads = Off
+upload_tmp_dir = /var/lib/php/tmp_upload
+upload_max_filesize = 2M
+max_file_uploads = 2
+
+allow_url_fopen = On
+allow_url_include = Off
+
+;from="john@doe.com"
+;user_agent="PHP"
+
+default_socket_timeout = 60
+;auto_detect_line_endings = Off
+
+[CLI Server]
+cli_server.color = On
+
+[Date]
+date.timezone = Europe/Berlin
+;date.default_latitude = 31.7667
+;date.default_longitude = 35.2333
+;date.sunrise_zenith = 90.583333
+;date.sunset_zenith = 90.583333
+
+[filter]
+;filter.default = unsafe_raw
+;filter.default_flags =
+
+[iconv]
+;iconv.input_encoding =
+;iconv.internal_encoding =
+;iconv.output_encoding =
+
+[intl]
+;intl.default_locale =
+;intl.error_level = E_WARNING
+;intl.use_exceptions = 0
+
+[sqlite3]
+;sqlite3.extension_dir =
+
+[Pcre]
+;pcre.backtrack_limit = 100000
+;pcre.recursion_limit = 100000
+;pcre.jit = 1
+
+[Pdo]
+;pdo_odbc.connection_pooling = strict
+;pdo_odbc.db2_instance_name
+
+[Pdo_mysql]
+pdo_mysql.cache_size = 2000
+pdo_mysql.default_socket =
+
+[Phar]
+;phar.readonly = On
+;phar.require_hash = On
+;phar.cache_list =
+
+[mail function]
+SMTP = localhost
+smtp_port = 25
+;sendmail_path =
+
+;mail.force_extra_parameters =
+mail.add_x_header = On
+;mail.log =
+;mail.log = syslog
+
+[SQL]
+sql.safe_mode = On
+
+[ODBC]
+;odbc.default_db = Not yet implemented
+;odbc.default_user = Not yet implemented
+;odbc.default_pw = Not yet implemented
+;odbc.default_cursortype
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+;birdstep.max_links = -1
+
+[Interbase]
+ibase.allow_persistent = 1
+ibase.max_persistent = -1
+ibase.max_links = -1
+;ibase.default_db =
+;ibase.default_user =
+;ibase.default_password =
+;ibase.default_charset =
+ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
+ibase.dateformat = "%Y-%m-%d"
+ibase.timeformat = "%H:%M:%S"
+
+[MySQLi]
+;mysqli.allow_local_infile = On
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.cache_size = 2000
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+;mysqlnd.debug =
+;mysqlnd.log_mask = 0
+;mysqlnd.mempool_default_size = 16000
+;mysqlnd.net_cmd_buffer_size = 2048
+;mysqlnd.net_read_buffer_size = 32768
+;mysqlnd.net_read_timeout = 31536000
+;mysqlnd.sha256_server_public_key =
+
+[OCI8]
+;oci8.privileged_connect = Off
+;oci8.max_persistent = -1
+;oci8.persistent_timeout = -1
+;oci8.ping_interval = 60
+;oci8.connection_class =
+;oci8.events = Off
+;oci8.statement_cache_size = 20
+;oci8.default_prefetch = 100
+;oci8.old_oci_close_semantics = Off
+
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+
+[bcmath]
+bcmath.scale = 0
+
+[browscap]
+browscap = /etc/php7/browscap.ini
+
+[Session]
+session.save_handler = files
+session.save_path = "/var/lib/php/session"
+session.use_strict_mode = 1
+session.use_cookies = 1
+session.cookie_secure = 0
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = Off
+session.cookie_lifetime = 14400
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly = 1
+session.serialize_handler = php
+session.gc_probability = 1
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+;session.entropy_length = 32
+;session.entropy_file = /dev/urandom
+session.cache_limiter = nocache
+session.cache_expire = 30
+session.use_trans_sid = 0
+session.hash_function = sha512
+session.hash_bits_per_character = 5
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
+;session.upload_progress.enabled = On
+;session.upload_progress.cleanup = On
+;session.upload_progress.prefix = "upload_progress_"
+;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
+;session.upload_progress.freq =  "1%"
+;session.upload_progress.min_freq = "1"
+;session.lazy_write = On
+
+[Assertion]
+zend.assertions = -1
+;assert.active = On
+;assert.exception = On
+;assert.warning = On
+;assert.bail = Off
+;assert.callback = 0
+;assert.quiet_eval = 0
+
+[COM]
+;com.typelib_file =
+;com.allow_dcom = true
+;com.autoregister_typelib = true
+;com.autoregister_casesensitive = false
+;com.autoregister_verbose = true
+;com.code_page=
+
+[mbstring]
+;mbstring.language = Japanese
+;mbstring.internal_encoding =
+;mbstring.http_input =
+;mbstring.http_output =
+;mbstring.encoding_translation = Off
+;mbstring.detect_order = auto
+;mbstring.substitute_character = none
+;mbstring.func_overload = 0
+;mbstring.strict_detection = On
+;mbstring.http_output_conv_mimetype =
+
+[gd]
+;gd.jpeg_ignore_warning = 0
+
+[exif]
+;exif.encode_unicode = ISO-8859-15
+;exif.decode_unicode_motorola = UCS-2BE
+;exif.decode_unicode_intel = UCS-2LE
+;exif.encode_jis =
+;exif.decode_jis_motorola = JIS
+;exif.decode_jis_intel = JIS
+
+[Tidy]
+;tidy.default_config = /usr/local/lib/php7/default.tcfg
+tidy.clean_output = Off
+
+[soap]
+soap.wsdl_cache_enabled = 1
+soap.wsdl_cache_dir = "/var/lib/php/soap_cache"
+soap.wsdl_cache_ttl = 86400
+soap.wsdl_cache_limit = 5
+
+[sysvshm]
+;sysvshm.init_mem = 10000
+
+[ldap]
+ldap.max_links = -1
+
+[mcrypt]
+;mcrypt.algorithms_dir =
+;mcrypt.modes_dir =
+
+[dba]
+;dba.default_handler =
+
+[opcache]
+;opcache.enable = 0
+;opcache.enable_cli = 0
+;opcache.memory_consumption = 64
+;opcache.interned_strings_buffer = 4
+;opcache.max_accelerated_files = 2000
+;opcache.max_wasted_percentage = 5
+;opcache.use_cwd = 1
+;opcache.validate_timestamps = 1
+;opcache.revalidate_freq = 2
+;opcache.revalidate_path = 0
+;opcache.save_comments = 1
+;opcache.fast_shutdown = 0
+;opcache.enable_file_override = 0
+;opcache.optimization_level = 0xffffffff
+;opcache.dups_fix = 0
+;opcache.blacklist_filename =
+;opcache.max_file_size = 0
+;opcache.consistency_checks = 0
+;opcache.force_restart_timeout = 180
+;opcache.error_log =
+;opcache.log_verbosity_level = 1
+;opcache.preferred_memory_model =
+;opcache.protect_memory = 0
+;opcache.restrict_api =
+;opcache.mmap_base =
+;opcache.file_cache =
+;opcache.file_cache_only = 0
+;opcache.file_cache_consistency_checks = 1
+;opcache.file_cache_fallback = 1
+;opcache.huge_code_pages = 1
+;opcache.validate_permission = 0
+;opcache.validate_root = 0
+
+[curl]
+curl.cainfo = /etc/ssl/certs/ca-certificates.crt
+
+[openssl]
+openssl.cafile = /etc/ssl/certs/ca-certificates.crt
+openssl.capath = /etc/ssl/certs

overlay/etc/services.d/.s6-svscan/crash

@@ -0,0 +1,4 @@
+#!/bin/sh
+set -e
+echo "Container crashed. Exiting..."
+exit 1

overlay/etc/services.d/.s6-svscan/finish

@@ -0,0 +1,2 @@
+#!/bin/sh
+exit 0

overlay/etc/services.d/cron/run

@@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+crond -f

overlay/etc/services.d/nginx/run

@@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+nginx -g "daemon off;"

overlay/etc/services.d/php/run

@@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+php-fpm7 -F

overlay/etc/templates/config.php.tmpl

@@ -0,0 +1,245 @@
+<?php
+
+// Data folder (must be writeable by the web server user and absolute)
+define('DATA_DIR', '/var/www/app/data');
+
+// Enable/Disable debug
+define('DEBUG', false);
+
+// Available log drivers: syslog, stderr, stdout, system or file
+define('LOG_DRIVER', 'stdout');
+
+// Plugins directory
+define('PLUGINS_DIR', '/var/www/app/plugins');
+
+// Plugins directory URL
+define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');
+
+// Enable/Disable plugin installer (Disabled by default for security reasons)
+// There is no code review or any approval process to submit a plugin.
+// This is up to the Kanboard instance owner to validate if a plugin is legit.
+define('PLUGIN_INSTALLER', {{ getenv "KANBOARD_PLUGIN_INSTALLER" "false" }});
+
+// Available cache drivers are "file" and "memory"
+define('CACHE_DRIVER', '{{ getenv "KANBOARD_CACHE_DRIVER" "memory" }}');
+
+// Cache folder to use if cache driver is "file" (must be writeable by the web server user)
+define('CACHE_DIR', '/var/www/app/data/cache');
+
+// Folder for uploaded files (must be writeable by the web server user)
+define('FILES_DIR', '/var/www/app/data/files');
+
+// Enable/disable email configuration from the user interface
+define('MAIL_CONFIGURATION', {{ getenv "KANBOARD_MAIL_CONFIGURATION" "true" }});
+
+// E-mail address used for the "From" header (notifications)
+define('MAIL_FROM', '{{ getenv "KANBOARD_MAIL_FROM" }}');
+
+// Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
+define('MAIL_TRANSPORT', '{{ getenv "KANBOARD_MAIL_TRANSPORT" "mail" }}');
+
+// SMTP configuration to use when the "smtp" transport is chosen
+define('MAIL_SMTP_HOSTNAME', '{{ getenv "KANBOARD_MAIL_SMTP_HOSTNAME" }}');
+define('MAIL_SMTP_PORT', {{ getenv "KANBOARD_MAIL_SMTP_PORT" "25" }});
+define('MAIL_SMTP_USERNAME', '{{ getenv "KANBOARD_MAIL_SMTP_USERNAME" }}');
+define('MAIL_SMTP_PASSWORD', '{{ getenv "KANBOARD_MAIL_SMTP_PASSWORD" }}');
+// Valid values are null (not a string "null"), "ssl" or "tls"
+define('MAIL_SMTP_ENCRYPTION', {{ getenv "KANBOARD_MAIL_SMTP_ENCRYPTION" "null" }});
+
+// Sendmail command to use when the transport is "sendmail"
+define('MAIL_SENDMAIL_COMMAND', '{{ getenv "KANBOARD_MAIL_SENDMAIL_COMMAND" "/usr/sbin/sendmail -bs" }}');
+
+// Run automatically database migrations
+// If set to false, you will have to run manually the SQL migrations from the CLI during the next Kanboard upgrade
+// Do not run the migrations from multiple processes at the same time (example: web page + background worker)
+define('DB_RUN_MIGRATIONS', {{ getenv "KANBOARD_DB_RUN_MIGRATIONS" "true" }});
+
+// Database driver: sqlite, mysql or postgres (sqlite by default)
+define('DB_DRIVER', '{{ getenv "KANBOARD_DB_DRIVER" "sqlite" }}');
+
+// Mysql/Postgres username
+define('DB_USERNAME', '{{ getenv "KANBOARD_DB_USERNAME" "root" }}');
+
+// Mysql/Postgres password
+define('DB_PASSWORD', '{{ getenv "KANBOARD_DB_PASSWORD" "root" }}');
+
+// Mysql/Postgres hostname
+define('DB_HOSTNAME', '{{ getenv "KANBOARD_DB_HOSTNAME" "localhost" }}');
+
+// Mysql/Postgres database name
+define('DB_NAME', '{{ getenv "KANBOARD_DB_NAME" "kanboard" }}');
+
+// Mysql/Postgres custom port (null = default port)
+define('DB_PORT', {{ getenv "KANBOARD_DB_PORT" "null" }});
+
+// Mysql SSL key
+define('DB_SSL_KEY', {{ getenv "KANBOARD_DB_SSL_KEY" "null" }});
+
+// Mysql SSL certificate
+define('DB_SSL_CERT', {{ getenv "KANBOARD_DB_SSL_CERT" "null" }});
+
+// Mysql SSL CA
+define('DB_SSL_CA', {{ getenv "KANBOARD_DB_SSL_CA" "null" }});
+
+// Mysql SSL server verification, set to false if you don't want the Mysql driver to validate the certificate CN
+define('DB_VERIFY_SERVER_CERT', {{ getenv "KANBOARD_DB_VERIFY_SERVER_CERT" "null" }});
+
+// Timeout value for PDO attribute
+define('DB_TIMEOUT', {{ getenv "KANBOARD_DB_TIMEOUT" "null" }});
+
+// Enable LDAP authentication (false by default)
+define('LDAP_AUTH', {{ getenv "KANBOARD_LDAP_AUTH" "false" }});
+
+// LDAP server hostname
+define('LDAP_SERVER', '{{ getenv "KANBOARD_LDAP_SERVER" }}');
+
+// LDAP server port (389 by default)
+define('LDAP_PORT', {{ getenv "KANBOARD_LDAP_PORT" "389" }});
+
+// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
+define('LDAP_SSL_VERIFY', {{ getenv "KANBOARD_LDAP_SSL_VERIFY" "true" }});
+
+// Enable LDAP START_TLS
+define('LDAP_START_TLS', {{ getenv "KANBOARD_LDAP_START_TLS" "false" }});
+
+// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
+// Set to true if you want to preserve the case
+define('LDAP_USERNAME_CASE_SENSITIVE', {{ getenv "KANBOARD_LDAP_USERNAME_CASE_SENSITIVE" "false" }});
+
+// LDAP bind type: "anonymous", "user" or "proxy"
+define('LDAP_BIND_TYPE', '{{ getenv "KANBOARD_LDAP_BIND_TYPE" "anonymous" }}');
+
+// LDAP username to use with proxy mode
+// LDAP username pattern to use with user mode
+define('LDAP_USERNAME', {{ getenv "KANBOARD_LDAP_USERNAME" "null" }});
+
+// LDAP password to use for proxy mode
+define('LDAP_PASSWORD', {{ getenv "KANBOARD_LDAP_PASSWORD" "null" }});
+
+// LDAP DN for users
+// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
+// Example for OpenLDAP: ou=People,dc=example,dc=com
+define('LDAP_USER_BASE_DN', '{{ getenv "KANBOARD_LDAP_USER_BASE_DN"}}');
+
+// LDAP pattern to use when searching for a user account
+// Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))'
+// Example for OpenLDAP: 'uid=%s'
+define('LDAP_USER_FILTER', '{{ getenv "KANBOARD_LDAP_USER_FILTER"}}');
+
+// LDAP attribute for username
+// Example for ActiveDirectory: 'samaccountname'
+// Example for OpenLDAP: 'uid'
+define('LDAP_USER_ATTRIBUTE_USERNAME', '{{ getenv "KANBOARD_LDAP_USER_ATTRIBUTE_USERNAME" "uid" }}');
+
+// LDAP attribute for user full name
+// Example for ActiveDirectory: 'displayname'
+// Example for OpenLDAP: 'cn'
+define('LDAP_USER_ATTRIBUTE_FULLNAME', '{{ getenv "KANBOARD_LDAP_USER_ATTRIBUTE_FULLNAME" "cn" }}');
+
+// LDAP attribute for user email
+define('LDAP_USER_ATTRIBUTE_EMAIL', '{{ getenv "KANBOARD_LDAP_USER_ATTRIBUTE_EMAIL" "mail" }}');
+
+// LDAP attribute to find groups in user profile
+define('LDAP_USER_ATTRIBUTE_GROUPS', '{{ getenv "KANBOARD_LDAP_USER_ATTRIBUTE_GROUPS" "memberof" }}');
+
+// LDAP attribute for user avatar image: thumbnailPhoto or jpegPhoto
+define('LDAP_USER_ATTRIBUTE_PHOTO', '{{ getenv "KANBOARD_LDAP_USER_ATTRIBUTE_PHOTO" }}');
+
+// LDAP attribute for user language, example: 'preferredlanguage'
+// Put an empty string to disable language sync
+define('LDAP_USER_ATTRIBUTE_LANGUAGE', '{{ getenv "KANBOARD_LDAP_USER_ATTRIBUTE_LANGUAGE" }}');
+
+// Allow automatic LDAP user creation
+define('LDAP_USER_CREATION', {{ getenv "KANBOARD_LDAP_USER_CREATION" "true" }});
+
+// LDAP DN for administrators
+// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
+define('LDAP_GROUP_ADMIN_DN', '{{ getenv "KANBOARD_LDAP_GROUP_ADMIN_DN" }}');
+
+// LDAP DN for managers
+// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
+define('LDAP_GROUP_MANAGER_DN', '{{ getenv "KANBOARD_LDAP_GROUP_MANAGER_DN" }}');
+
+// Enable LDAP group provider for project permissions
+// The end-user will be able to browse LDAP groups from the user interface and allow access to specified projects
+define('LDAP_GROUP_PROVIDER', {{ getenv "KANBOARD_LDAP_GROUP_PROVIDER" "false" }});
+
+// LDAP Base DN for groups
+define('LDAP_GROUP_BASE_DN', '{{ getenv "KANBOARD_LDAP_GROUP_BASE_DN" }}');
+
+// LDAP group filter
+// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
+define('LDAP_GROUP_FILTER', '{{ getenv "KANBOARD_LDAP_GROUP_FILTER" }}');
+
+// LDAP user group filter
+// If this filter is configured, Kanboard will search user groups in LDAP_GROUP_BASE_DN with this filter
+// Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
+define('LDAP_GROUP_USER_FILTER', '{{ getenv "KANBOARD_LDAP_GROUP_USER_FILTER" }}');
+
+// LDAP attribute for the group name
+define('LDAP_GROUP_ATTRIBUTE_NAME', '{{ getenv "KANBOARD_LDAP_GROUP_ATTRIBUTE_NAME" "cn" }}');
+
+// Enable/disable the reverse proxy authentication
+define('REVERSE_PROXY_AUTH', {{ getenv "KANBOARD_REVERSE_PROXY_AUTH" "false" }});
+
+// Header name to use for the username
+define('REVERSE_PROXY_USER_HEADER', '{{ getenv "KANBOARD_REVERSE_PROXY_USER_HEADER" "REMOTE_USER" }}');
+
+// Username of the admin, by default blank
+define('REVERSE_PROXY_DEFAULT_ADMIN', '{{ getenv "KANBOARD_REVERSE_PROXY_DEFAULT_ADMIN" }}');
+
+// Default domain to use for setting the email address
+define('REVERSE_PROXY_DEFAULT_DOMAIN', '{{ getenv "KANBOARD_REVERSE_PROXY_DEFAULT_DOMAIN" }}');
+
+// Enable/disable remember me authentication
+define('REMEMBER_ME_AUTH', {{ getenv "KANBOARD_REMEMBER_ME_AUTH" "true" }});
+
+// Enable or disable "Strict-Transport-Security" HTTP header
+define('ENABLE_HSTS', false);
+
+// Enable or disable "X-Frame-Options: DENY" HTTP header
+define('ENABLE_XFRAME', false);
+
+// Escape html inside markdown text
+define('MARKDOWN_ESCAPE_HTML', {{ getenv "KANBOARD_MARKDOWN_ESCAPE_HTML" "true" }});
+
+// API alternative authentication header, the default is HTTP Basic Authentication defined in RFC2617
+define('API_AUTHENTICATION_HEADER', '{{ getenv "KANBOARD_API_AUTHENTICATION_HEADER" }}');
+
+// Enable/disable url rewrite
+define('ENABLE_URL_REWRITE', {{ getenv "KANBOARD_ENABLE_URL_REWRITE" "false" }});
+
+// Hide login form, useful if all your users use Google/Github/ReverseProxy authentication
+define('HIDE_LOGIN_FORM', {{ getenv "KANBOARD_HIDE_LOGIN_FORM" "false" }});
+
+// Disabling logout (useful for external SSO authentication)
+define('DISABLE_LOGOUT', {{ getenv "KANBOARD_DISABLE_LOGOUT" "false" }});
+
+// Enable captcha after 3 authentication failure
+define('BRUTEFORCE_CAPTCHA', {{ getenv "KANBOARD_BRUTEFORCE_CAPTCHA" "3" }});
+
+// Lock the account after 6 authentication failure
+define('BRUTEFORCE_LOCKDOWN', {{ getenv "KANBOARD_BRUTEFORCE_LOCKDOWN" "6" }});
+
+// Lock account duration in minute
+define('BRUTEFORCE_LOCKDOWN_DURATION', {{ getenv "KANBOARD_BRUTEFORCE_LOCKDOWN_DURATION" "15" }});
+
+// Session duration in second (0 = until the browser is closed)
+// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
+define('SESSION_DURATION', {{ getenv "KANBOARD_SESSION_DURATION" "0" }});
+
+// HTTP client proxy
+define('HTTP_PROXY_HOSTNAME', '{{ getenv "KANBOARD_HTTP_PROXY_HOSTNAME" }}');
+define('HTTP_PROXY_PORT', '{{ getenv "KANBOARD_HTTP_PROXY_PORT" "3128" }}');
+define('HTTP_PROXY_USERNAME', '{{ getenv "KANBOARD_HTTP_PROXY_USERNAME" }}');
+define('HTTP_PROXY_PASSWORD', '{{ getenv "KANBOARD_HTTP_PROXY_PASSWORD" }}');
+define('HTTP_PROXY_EXCLUDE', '{{ getenv "KANBOARD_HTTP_PROXY_EXCLUDE" "localhost" }}');
+
+// Set to false to allow self-signed certificates
+define('HTTP_VERIFY_SSL_CERTIFICATE', {{ getenv "KANBOARD_HTTP_VERIFY_SSL_CERTIFICATE" "true" }});
+
+// TOTP (2FA) issuer name
+define('TOTP_ISSUER', '{{ getenv "KANBOARD_TOTP_ISSUER" "Kanboard" }}');
+
+// Comma separated list of fields to not synchronize when using external authentication providers
+define('EXTERNAL_AUTH_EXCLUDE_FIELDS', '{{ getenv "KANBOARD_EXTERNAL_AUTH_EXCLUDE_FIELDS" "username" }}');

overlay/etc/templates/php.ini.tmpl

@@ -0,0 +1,391 @@
+[PHP]
+user_ini.filename = ".user.ini"
+user_ini.cache_ttl = 300
+
+engine = On
+short_open_tag = Off
+
+precision = 14
+
+output_buffering = 0
+;output_handler =
+
+zlib.output_compression = Off
+;zlib.output_compression_level = -1
+;zlib.output_handler =
+
+implicit_flush = Off
+
+unserialize_callback_func =
+serialize_precision = 17
+
+open_basedir = "/var/www/app:/var/lib/php/tmp_upload:/var/lib/php/session:/var/lib/php/soap_cache"
+
+disable_functions = system, exec, shell_exec, phpinfo, show_source, highlight_file, popen, proc_open, fopen_with_path, dbmopen, dbase_open, putenv, move_uploaded_file, mkdir, rmdir, chmod, rename, filepro, filepro_rowcount, filepro_retrieve, posix_mkfifo
+disable_classes =
+
+;highlight.string  = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.default = #0000BB
+;highlight.html    = #000000
+
+;ignore_user_abort = On
+
+;realpath_cache_size = 16k
+;realpath_cache_ttl = 120
+
+zend.enable_gc = On
+;zend.multibyte = Off
+;zend.script_encoding =
+
+expose_php = {{ getenv "PHP_EXPOSE_PHP" "Off" }}
+
+max_execution_time = {{ getenv "PHP_MAX_EXECUTION_TIME" "30" }}
+max_input_time = {{ getenv "PHP_MAX_INPUT_TIME" "60" }}
+;max_input_nesting_level = 64
+max_input_vars = 100
+memory_limit = {{ getenv "PHP_MEMORY_LIMIT" "50M" }}
+
+error_reporting = {{ getenv "PHP_ERROR_REPORTING" "E_ALL & ~E_DEPRECATED & ~E_STRICT" }}
+display_errors = {{ getenv "PHP_DISPLAY_ERRORS" "Off" }}
+display_startup_errors = {{ getenv "PHP_DISPLAY_STARTUP_ERRORS" "Off" }}
+log_errors = {{ getenv "PHP_LOG_ERRORS" "On" }}
+log_errors_max_len = {{ getenv "PHP_LOG_ERRORS_MAX_LEN" "1024" }}
+ignore_repeated_errors = {{ getenv "PHP_IGNORE_REPEATED_ERRORS" "Off" }}
+ignore_repeated_source = {{ getenv "PHP_IGNORE_REPEATED_SOURCE" "Off" }}
+report_memleaks = {{ getenv "PHP_REPORT_MEMLEAKS" "On" }}
+;report_zend_debug = 0
+;xmlrpc_errors = 0
+;xmlrpc_error_number = 0
+html_errors = {{ getenv "PHP_HTML_ERRORS" "On" }}
+;docref_root = "/phpmanual/"
+;docref_ext = .html
+;error_prepend_string = "<span style='color: #ff0000'>"
+;error_append_string = "</span>"
+error_log = {{ getenv "PHP_ERROR_LOG" "/proc/self/fd/2"}}
+;windows.show_crt_warning
+
+;arg_separator.output = "&amp;"
+;arg_separator.input = ";&"
+
+variables_order = "GPCS"
+request_order = "GP"
+
+register_argc_argv = Off
+auto_globals_jit = On
+;enable_post_data_reading = Off
+post_max_size = {{ getenv "PHP_POST_MAX_SIZE" "8M" }}
+
+auto_prepend_file =
+auto_append_file =
+
+default_mimetype = "text/html"
+default_charset = "UTF-8"
+;internal_encoding =
+;input_encoding =
+;output_encoding =
+
+;include_path = ".:/php7/includes"
+
+doc_root =
+user_dir =
+
+extension_dir = "/usr/lib/php7/modules"
+;sys_temp_dir = "/tmp"
+enable_dl = Off
+
+cgi.force_redirect = 1
+;cgi.nph = 1
+;cgi.redirect_status_env =
+cgi.fix_pathinfo = 0
+cgi.discard_path = 1
+
+;fastcgi.impersonate = 1
+;fastcgi.logging = 0
+;cgi.rfc2616_headers = 0
+;cgi.check_shebang_line = 1
+
+file_uploads = {{ getenv "PHP_FILE_UPLOADS" "Off" }}
+upload_tmp_dir = /var/lib/php/tmp_upload
+upload_max_filesize = {{ getenv "PHP_UPLOAD_MAX_FILESIZE" "2M" }}
+max_file_uploads = {{ getenv "PHP_MAX_FILE_UPLOADS" "2" }}
+
+allow_url_fopen = {{ getenv "PHP_ALLOW_URL_FOPEN" "On" }}
+allow_url_include = {{ getenv "PHP_ALLOW_URL_INCLUDE" "Off" }}
+
+;from="john@doe.com"
+;user_agent="PHP"
+
+default_socket_timeout = 60
+;auto_detect_line_endings = Off
+
+[CLI Server]
+cli_server.color = On
+
+[Date]
+date.timezone = {{ getenv "PHP_DATE_TIMEZONE" "Europe/Berlin" }}
+;date.default_latitude = 31.7667
+;date.default_longitude = 35.2333
+;date.sunrise_zenith = 90.583333
+;date.sunset_zenith = 90.583333
+
+[filter]
+;filter.default = unsafe_raw
+;filter.default_flags =
+
+[iconv]
+;iconv.input_encoding =
+;iconv.internal_encoding =
+;iconv.output_encoding =
+
+[intl]
+;intl.default_locale =
+;intl.error_level = E_WARNING
+;intl.use_exceptions = 0
+
+[sqlite3]
+;sqlite3.extension_dir =
+
+[Pcre]
+;pcre.backtrack_limit = 100000
+;pcre.recursion_limit = 100000
+;pcre.jit = 1
+
+[Pdo]
+;pdo_odbc.connection_pooling = strict
+;pdo_odbc.db2_instance_name
+
+[Pdo_mysql]
+pdo_mysql.cache_size = 2000
+pdo_mysql.default_socket =
+
+[Phar]
+;phar.readonly = On
+;phar.require_hash = On
+;phar.cache_list =
+
+[mail function]
+SMTP = localhost
+smtp_port = 25
+;sendmail_path =
+
+;mail.force_extra_parameters =
+mail.add_x_header = On
+;mail.log =
+;mail.log = syslog
+
+[SQL]
+sql.safe_mode = {{ getenv "PHP_SQL_SAFE_MODE" "On" }}
+
+[ODBC]
+;odbc.default_db = Not yet implemented
+;odbc.default_user = Not yet implemented
+;odbc.default_pw = Not yet implemented
+;odbc.default_cursortype
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+;birdstep.max_links = -1
+
+[Interbase]
+ibase.allow_persistent = 1
+ibase.max_persistent = -1
+ibase.max_links = -1
+;ibase.default_db =
+;ibase.default_user =
+;ibase.default_password =
+;ibase.default_charset =
+ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
+ibase.dateformat = "%Y-%m-%d"
+ibase.timeformat = "%H:%M:%S"
+
+[MySQLi]
+;mysqli.allow_local_infile = On
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.cache_size = 2000
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+;mysqlnd.debug =
+;mysqlnd.log_mask = 0
+;mysqlnd.mempool_default_size = 16000
+;mysqlnd.net_cmd_buffer_size = 2048
+;mysqlnd.net_read_buffer_size = 32768
+;mysqlnd.net_read_timeout = 31536000
+;mysqlnd.sha256_server_public_key =
+
+[OCI8]
+;oci8.privileged_connect = Off
+;oci8.max_persistent = -1
+;oci8.persistent_timeout = -1
+;oci8.ping_interval = 60
+;oci8.connection_class =
+;oci8.events = Off
+;oci8.statement_cache_size = 20
+;oci8.default_prefetch = 100
+;oci8.old_oci_close_semantics = Off
+
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+
+[bcmath]
+bcmath.scale = 0
+
+[browscap]
+browscap = /etc/php7/browscap.ini
+
+[Session]
+session.save_handler = files
+session.save_path = "/var/lib/php/session"
+session.use_strict_mode = 1
+session.use_cookies = 1
+session.cookie_secure = 0
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = Off
+session.cookie_lifetime = 14400
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly = 1
+session.serialize_handler = php
+session.gc_probability = 1
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+;session.entropy_length = 32
+;session.entropy_file = /dev/urandom
+session.cache_limiter = nocache
+session.cache_expire = 30
+session.use_trans_sid = 0
+session.hash_function = sha512
+session.hash_bits_per_character = 5
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
+;session.upload_progress.enabled = On
+;session.upload_progress.cleanup = On
+;session.upload_progress.prefix = "upload_progress_"
+;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
+;session.upload_progress.freq =  "1%"
+;session.upload_progress.min_freq = "1"
+;session.lazy_write = On
+
+[Assertion]
+zend.assertions = -1
+;assert.active = On
+;assert.exception = On
+;assert.warning = On
+;assert.bail = Off
+;assert.callback = 0
+;assert.quiet_eval = 0
+
+[COM]
+;com.typelib_file =
+;com.allow_dcom = true
+;com.autoregister_typelib = true
+;com.autoregister_casesensitive = false
+;com.autoregister_verbose = true
+;com.code_page=
+
+[mbstring]
+;mbstring.language = Japanese
+;mbstring.internal_encoding =
+;mbstring.http_input =
+;mbstring.http_output =
+;mbstring.encoding_translation = Off
+;mbstring.detect_order = auto
+;mbstring.substitute_character = none
+;mbstring.func_overload = 0
+;mbstring.strict_detection = On
+;mbstring.http_output_conv_mimetype =
+
+[gd]
+;gd.jpeg_ignore_warning = 0
+
+[exif]
+;exif.encode_unicode = ISO-8859-15
+;exif.decode_unicode_motorola = UCS-2BE
+;exif.decode_unicode_intel = UCS-2LE
+;exif.encode_jis =
+;exif.decode_jis_motorola = JIS
+;exif.decode_jis_intel = JIS
+
+[Tidy]
+;tidy.default_config = /usr/local/lib/php7/default.tcfg
+tidy.clean_output = Off
+
+[soap]
+soap.wsdl_cache_enabled = 1
+soap.wsdl_cache_dir = "/var/lib/php/soap_cache"
+soap.wsdl_cache_ttl = 86400
+soap.wsdl_cache_limit = 5
+
+[sysvshm]
+;sysvshm.init_mem = 10000
+
+[ldap]
+ldap.max_links = -1
+
+[mcrypt]
+;mcrypt.algorithms_dir =
+;mcrypt.modes_dir =
+
+[dba]
+;dba.default_handler =
+
+[opcache]
+;opcache.enable = 0
+;opcache.enable_cli = 0
+;opcache.memory_consumption = 64
+;opcache.interned_strings_buffer = 4
+;opcache.max_accelerated_files = 2000
+;opcache.max_wasted_percentage = 5
+;opcache.use_cwd = 1
+;opcache.validate_timestamps = 1
+;opcache.revalidate_freq = 2
+;opcache.revalidate_path = 0
+;opcache.save_comments = 1
+;opcache.fast_shutdown = 0
+;opcache.enable_file_override = 0
+;opcache.optimization_level = 0xffffffff
+;opcache.dups_fix = 0
+;opcache.blacklist_filename =
+;opcache.max_file_size = 0
+;opcache.consistency_checks = 0
+;opcache.force_restart_timeout = 180
+;opcache.error_log =
+;opcache.log_verbosity_level = 1
+;opcache.preferred_memory_model =
+;opcache.protect_memory = 0
+;opcache.restrict_api =
+;opcache.mmap_base =
+;opcache.file_cache =
+;opcache.file_cache_only = 0
+;opcache.file_cache_consistency_checks = 1
+;opcache.file_cache_fallback = 1
+;opcache.huge_code_pages = 1
+;opcache.validate_permission = 0
+;opcache.validate_root = 0
+
+[curl]
+curl.cainfo = /etc/ssl/certs/ca-certificates.crt
+
+[openssl]
+openssl.cafile = /etc/ssl/certs/ca-certificates.crt
+openssl.capath = /etc/ssl/certs

overlay/usr/local/bin/entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+/usr/local/bin/gomplate -V -o /etc/php7/php.ini -f /etc/templates/php.ini.tmpl
+/usr/local/bin/gomplate -V -o /var/www/app/config.php -f /etc/templates/config.php.tmpl
+
+chown -R nginx:nginx /var/www/app/data
+chown -R nginx:nginx /var/www/app/plugins
+
+exec /bin/s6-svscan /etc/services.d

overlay/usr/local/bin/healthcheck.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -eo pipefail
+URL=http://localhost
+
+wget --quiet --tries=1 --spider ${URL}
+[ $? -ne 0 ] && exit 1
+
+CONTENT=$(wget --quiet -O - ${URL})
+case "$CONTENT" in
+  *Exception*) exit 1 ;;
+  *alert-*alert-*SELF_URL_PATH*) exit 1 ;;
+  *alert-*SELF_URL_PATH*alert-*) exit 1 ;;
+  *SELF_URL_PATH*alert-*alert-*) exit 1 ;;
+esac
+
+exit 0